✨ [2025-01-16] 更新SSO进度

任务/周报.md

@@ -1,25 +1,55 @@
+## 20250120-20250123
+
+- [X] 梳理南北流量网关，重构具有歧义调用方法
+- [X] 核心包健康检查发布
+- [X] AuthFill下沉到核心包
+- [X] 基础枚举工具类下沉到核心包
+- [X] 基础分页下沉到核心包
+- [X] 基础树构建工具类下沉到核心包
+
+- [X] 电子面单添加物流渠道参数
+- [X] 电子面单获取失败记录
+- [X] 物流记录状态填充
+
+## 20250113-20250117
+
+- [X] 面试
+- [X] 产研协同平台支持角色和分组
+- [X] 门户网站优化（卡顿、弹窗、域名问题）
+- [X] 企赋网关支持业务参数
+
 ## 20250106 - 20250110
+
 - [X] [Yearning SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508162)
 - [X] [Gitlab SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508192)
 - [X] [K8s健康检查接口集成。](http://confluence.qifu.com/pages/viewpage.action?pageId=38508360)
 - [X] [Confluence安装及SSO接入指南](http://confluence.qifu.com/pages/viewpage.action?pageId=38508352)
 - [X] [Nacos安装及SSO接入指南](http://confluence.qifu.com/pages/viewpage.action?pageId=38508402)
 - [-] 集简云对接（需要付费后才能介入）
-  - - [X] 基础架子搭建
+    -
-  - - [ ] 接口对接
+        - [X] 基础架子搭建
+    -
+        - [ ] 接口对接
 - [X] 面试
 - 附加任务
-  - - [X] [starter-sso 封装](http://confluence.qifu.com/pages/viewpage.action?pageId=38508260)
+    -
-  - - [ ] 国际电子面单下单测试
+        - [X] [starter-sso 封装](http://confluence.qifu.com/pages/viewpage.action?pageId=38508260)
-  - - [X] 物流轨迹字段完善
+    -
+        - [ ] 国际电子面单下单测试
+    -
+        - [X] 物流轨迹字段完善
 
 ## 20241230 - 20250103
 
 - [X] 完成 yapi oidc 验证
-  1. - [X] 源码构建及错误处理
+    1.
-  2. - [X] Docker镜像构建
+        - [X] 源码构建及错误处理
-  3. - [X] OIDC 插件安装
+    2.
-  4. - [X] [YApi部署指南](http://confluence.qifu.com/pages/viewpage.action?pageId=38507970)
+        - [X] Docker镜像构建
+    3.
+        - [X] OIDC 插件安装
+    4.
+        - [X] [YApi部署指南](http://confluence.qifu.com/pages/viewpage.action?pageId=38507970)
 - [X] JenkinsSSO [接入文档](http://confluence.qifu.com/pages/viewpage.action?pageId=38507984)
 - [X] 面试
 

教程/20250113-Grafana安装及SSO接入指南.md

@@ -22,6 +22,50 @@
 
 # Grafana安装及SSO接入指南
 
+## OIDC 配置
+- 编辑 `defaults.ini`
+```toml
+#################################### Generic OAuth #######################             
+[auth.generic_oauth]
+name = WeWork
+icon = signin
+enabled = true
+allow_sign_up = true
+auto_login = false
+client_id = grafana
+client_secret = P0GxgSpnG4u9jNDPHZur7NWdNNaNjTU0
+scopes = openid profile email roles
+empty_scopes = false
+email_attribute_name = email
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = name
+role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'edi
+role_attribute_strict = false
+org_attribute_path =
+org_mapping =
+groups_attribute_path =
+id_token_attribute_name =
+team_ids_attribute_path =
+auth_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/auth
+token_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/token
+api_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/userinfo
+signout_redirect_url =
+teams_url =
+allowed_domains =
+allowed_groups =
+team_ids =
+allowed_organizations =
+tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
+use_pkce = false
+auth_style =
+allow_assign_grafana_admin = false
+skip_org_role_sync = false
+use_refresh_token = false                    
+```
 ----
 
 ## 参考

文档/20241224-元盟全域SSO方案进度表.md

@@ -45,7 +45,7 @@
 | KubeSphere     | √  | √  | ×  | [KubeSphere 3.4 整合 OIDC][KubeSphere 3.4 整合 OIDC] |
 | Nacos          | √  | √  | ×  | [Nacos安装及SSO接入指南][Nacos安装及SSO接入指南]               |
 | Kibana         | ×  | ×  | ×  |                                                  |
-| Grafana        | ×  | ×  | ×  | [Grafana OIDC][Grafana OIDC]                     |
+| Grafana        | √  | √  | ×  | [Grafana安装及SSO接入指南][Grafana安装及SSO接入指南]           |
 | Skywalking     | ×  | ×  | ×  |                                                  |
 | Graylog        | ×  | ×  | ×  | [Graylog OIDC][Graylog OIDC]                     |
 | Harbor         | ×  | ×  | ×  | [Harbor OIDC][Harbor OIDC]                       |

杂项/test.yaml

@@ -0,0 +1,65 @@
+services:
+  # MongoDB: https://hub.docker.com/_/mongo/
+  mongodb:
+    image: "mongo:6.0.14"
+    networks:
+      - graylog
+
+  opensearch:
+    image: "opensearchproject/opensearch:2.12.0"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+      - "discovery.type=single-node"
+      - "action.auto_create_index=false"
+      - "plugins.security.ssl.http.enabled=false"
+      - "plugins.security.disabled=true"
+      # Can generate a password for `OPENSEARCH_INITIAL_ADMIN_PASSWORD` using a linux device via:
+      # tr -dc A-Z-a-z-0-9_@#%^-_=+ < /dev/urandom  | head -c${1:-32}
+      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=+_8r#wliY3Pv5-HMIf4qzXImYzZf-M=M
+    ulimits:
+      memlock:
+        hard: -1
+        soft: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    restart: "on-failure"
+    networks:
+      - graylog
+
+  # Graylog: https://hub.docker.com/r/graylog/graylog/
+  graylog:
+    image: "graylog/graylog:5.2"
+    environment:
+      - GRAYLOG_NODE_ID_FILE=/usr/share/graylog/data/config/node-id
+      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
+      - GRAYLOG_ELASTICSEARCH_HOSTS=http://opensearch:9200
+      - GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
+      # CHANGE ME (must be at least 16 characters)!
+      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
+      # Password: admin
+      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
+      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
+    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
+    networks:
+      - graylog
+    restart: always
+    depends_on:
+      - mongodb
+      - opensearch
+    ports:
+      # Graylog web interface and REST API
+      - 9000:9000
+      # Syslog TCP
+      - 1514:1514
+      # Syslog UDP
+      - 1514:1514/udp
+      # GELF TCP
+      - 12201:12201
+      # GELF UDP
+      - 12201:12201/udp
+
+networks:
+  graylog:
+    driver: bridge